CVE-2016-8688Out-of-bounds Read in Libarchive

CWE-125Out-of-bounds ReadCWE-131Incorrect Calculation of Buffer Size14 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.5
EPSS
0.2%
top 54.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LibarchiveDebian LibarchiveOpensuse Leap
Timeline
PublishedFeb 15
Latest updateMay 14

Description

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/libarchive< libarchive 3.2.1-5 (bookworm)
Debianlibarchive/libarchive< 3.2.1-5+3
Ubuntulibarchive/libarchive< 3.1.2-7ubuntu2.4+1
NVDopensuse/leap42.2

Patches

Patch: www.openwall.comPatch: blogs.gentoo.orgPatch: blogs.gentoo.org

🔴Vulnerability Details

3
GHSA
GHSA-jf7m-wjh4-58hv: The mtree bidder in libarchive 32022-05-14
OSV
libarchive vulnerabilities2017-03-09
OSV
CVE-2016-8688: The mtree bidder in libarchive 32017-02-15

📋Vendor Advisories

3
Ubuntu
libarchive vulnerabilities2017-03-09
Red Hat
libarchive: heap based buffer overflow in detect_form (archive_read_support_format_mtree.c)2016-09-15
Debian
CVE-2016-8688: libarchive - The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when exte...2016

💬Community

7
Bugzilla
CVE-2016-9928 mcabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza2016-12-12
Bugzilla
CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 libarchive: various flaws [epel-5]2016-10-17
Bugzilla
libarchive: various flaws [fedora-all]2016-10-17
Bugzilla
CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 libarchive3: various flaws [epel-6]2016-10-17
Bugzilla
CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 mingw-libarchive: various flaws [fedora-all]2016-10-17